Message Doubles

Stephen Swaney steve.swaney at fsl.com
Tue Mar 28 15:37:21 IST 2006


> -----Original Message-----
> From: Stephen Swaney [mailto:steve.swaney at fsl.com]
> Sent: Tuesday, March 28, 2006 8:00 AM
> To: 'MailScanner discussion'
> Subject: RE: Message Doubles
> 
> 
> > -----Original Message-----
> > From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> > bounces at lists.mailscanner.info] On Behalf Of Matt Kettler
> > Sent: Monday, March 27, 2006 10:01 PM
> > To: MailScanner discussion
> > Subject: Re: Message Doubles
> >
> > spart cus wrote:
> > > Hi guys,
> > > I know i've read this problem before.Though im not using the MS yet.
> But
> > > know im currently experiencing this with some of my clients. How can i
> > > check this out.
> >
> > Start off by comparing Message-ID: headers.. If the message is a dupe
> > occurring
> > at the MTA layer, they should be the same. If they're different, some
> > piece of
> > software that thinks it's at the client level re-generated the message
> > (ie: a
> > auto-forwarder rule in a client).
> >
> > Follow up with comparing the path in the Received: headers. Do they
> differ
> > at
> > all? If so, one of the servers involved in the difference is
> responsible.
> > --
> 
> I believe this may be happening at two of our sites. One runs:
> 
> 	SuSE 8.0
> 	MailScanner version 4.51.6
> 	sendmail-8.12.6-210
> 	Lock Type = flock
> 
> The other runs:
> 
> 	CentOS release 3.6
> 	MailScanner version 4.51.6
> 	sendmail-8.13.1-3.RHEL4.3
> 	Lock Type = posix
> 
> Log messages indicate that sendmail attempts to deliver the message over
> and over but apparently never receives and acknowledgement of delivery
> from the client. A typical log entry:
> 
> Mar 27 12:03:08 smzz sendmail[20642]: k2OL5BPX014779:
> to=<rzzz at zzzzzzz.com>, delay=2+19:57:57, xdelay=00:10:23, mailer=smtp,
> pri=23836807, relay=[66.1.1.5] [66.1.1.5], dsn=4.0.0, stat=Deferred: 451
> Timeout waiting for client input
> 
> This message keeps repeating until the message is manually deleted from
> the outbound mail queue. The recipient gets a copy of the message every
> time delivery is attempted.
> 
> I have copies of the qf and df files for two of these messages. A quick
> scan of the messages does not reveal anything obviously amiss to me.
> 
> I'm not yet 100% convinced it's a MailScanner problem. Other software /
> hardware could be intercepting the receiver's acknowledgement. At the SuSE
> site the problem hasn't occurred since we turned off the PIX "sendmail
> helper" function but since the problem occurs rarely, it just might be too
> early to tell.
> 
> At the CentOS site, turning off the PIX  at the receiving end (if in fact
> this was done correctly) did not solve the problem. Still it's interesting
> that PIX was involved in both receiving sites.
> 
> Still this problem did start about the same time the TNEF code was added
> to MailScanner. We've been trouble shooting it on our own as we did not
> originally think it was caused by MailScanner. Because of this new list
> thread and the differences in sendmail versions and OS versions at the
> troubled sites I'm beginning to wonder.
> 
> If anyone would like copies of these "repeating" messages please email me
> off list.
> 
> Steve

Replying to my own message but further investigation shows that the client
did NOT correctly configure the PIX server on the receiving end of the
problem message.

I suggest that you check for a banner similar to:

Connected to mail.xxxx.com (68.1.1.166).
Escape character is '^]'.
220
****************************************************************************
**************************************************

When you telnet to port 25 on the receiving system. This is a PIX connection

Try turning off this protocol. It appears to have little if any security
value. Please see:

http://www.issociate.de/board/post/195084/SMTP_Fixup_--_On_or_Off???.html


Steve

Stephen Swaney
Fort Systems Ltd.
stephen.swaney at fsl.com
www.fsl.com



More information about the MailScanner mailing list